Can I use this at work?

Short answer: yes.

Moonshot OS is built for an individual person to use at work without asking permission. This page explains what that means in plain English — what we do with your data, who can see it, and the few cases where you genuinely should check with IT first.

It's a personal account, not a company purchase.

Your subscription is yours, billed to your card. Your company won’t see Moonshot on a company bill. Your IT department isn’t notified when you sign up. There’s no admin panel that exposes your account to anyone at your company.

We don’t market to your company. We don’t share your email with sales tools that look for company-domain matches. We don’t enroll you in any “workspace” you didn’t set up yourself.

If you sign up with a personal email, your account moves with you when you change jobs. Most people do this on purpose.

Your data is yours.

Anything you upload — CSVs, databases, notes, snippets — belongs to you. You can export everything at any time, in one click from settings. You can delete your account in one click, and we keep nothing afterward (except the minimum payment records we’re legally required to retain, which are purged on schedule).

We never train AI on your data. No exceptions. Your spreadsheets stay yours, period. We don’t sell your data. We don’t use it for analytics that other customers see. We don’t share it with any third party that isn’t directly involved in running this app (database, payment processor, etc. — see the privacy policy for the full list).

How your data is protected.

In transit: every connection is encrypted via HTTPS. Always — there’s no setting to turn this off.

At rest: your data lives in industry-standard encrypted storage. The app runs on Vercel. The database is Neon Postgres (encrypted by default). File storage is Cloudflare R2.

The free tier runs in your browser. When you use The Console as a free, anonymous visitor, your CSV never leaves your machine — the browser does all the work locally. Paid users upload to our server (because we save your sessions so you can come back to them), but everything above still applies.

When you should ask IT first.

Some industries have rules about where work data can go. For most everyday office work this doesn’t apply — but you should ask your IT or compliance team first if you handle:

HIPAA-regulated patient health information
Classified or controlled government data
Data under specific residency contracts (some EU agreements require EU-only storage; we’re currently US-based)
Cardholder data under PCI scope
Anything covered by a non-disclosure agreement that limits cloud storage

If you’re doing normal office work — analyzing CSVs, taking notes, tracking metrics, drafting emails from snippets — Moonshot is built for exactly that. You don’t need to ask permission to use a personal productivity tool any more than you’d ask permission to use Apple Notes or a calculator.

Common worries, answered.

Can my company find out I'm using this?

No. Your subscription is personal, billed to you, invisible to anyone at your company. We don't market to your company or its IT team. The only person who knows about your account is you.

What if I leave my job?

Your account is tied to your email and your card, not your employer. The account stays yours. If you signed up with a personal email, nothing about your account changes when you leave — your data is right where you left it.

Can my boss or IT see what I've uploaded?

No. There's no admin panel that exposes your work to anyone else. There's no 'company workspace' you've been put in without knowing. Your account is just yours.

What if I want to leave Moonshot?

Go to settings → export everything (sessions, trackers, notes, snippets — full data, downloadable as CSV/JSON). Then delete your account. We keep nothing after deletion apart from the minimum payment records required by law, which we purge as soon as we’re allowed to.

Is my data going to be used to train an AI model?

No. Not for our models, not for any third party's models, not ever. This is the most important commitment we make. We don't even have an internal AI training process — we built the Console on a deterministic ops engine, not an LLM, specifically so this question has a clean answer.

What if I'm in the EU?

Our infrastructure is currently US-based, which means GDPR-related data transfer rules apply. We're compliant under the EU-US Data Privacy Framework. If your employer has specific contractual residency requirements (e.g. EU-only storage), check those before uploading work data.

The legal version.

Everything on this page is a plain-English summary of what lives in the formal docs:

Have a question this page didn’t answer? Email us — we’ll answer it directly (and probably add it to this page).